Commit 2ee30b0b authored by gshchepa/uchum@gleb.loc's avatar gshchepa/uchum@gleb.loc
Browse files

Fixed bug #28522: 

sometimes `mysqldump --hex-blob' overruned output buffer by '\0' byte.

The dump_table() function has been fixed to reserve 1 byte more for the
last '\0' byte of dumped string.
parent 55906317

client/mysqldump.c

+5 −2
Original line number Diff line number Diff line
@@ -2529,15 +2529,18 @@ static void dump_table(char *table, char *db) 
                  plus 2 bytes for '0x' prefix.

                  - In non-HEX mode we need up to 2 bytes per character,

                  plus 2 bytes for leading and trailing '\'' characters.

                  Also we need to reserve 1 byte for terminating '\0'.

                */

                dynstr_realloc_checked(&extended_row,length * 2+2);

                dynstr_realloc_checked(&extended_row,length * 2 + 2 + 1);

                if (opt_hex_blob && is_blob)

                {

                  dynstr_append_checked(&extended_row, "0x");

                  extended_row.length+= mysql_hex_string(extended_row.str +

                                                         extended_row.length,

                                                         row[i], length);

                  extended_row.str[extended_row.length]= '\0';

                  DBUG_ASSERT(extended_row.length+1 <= extended_row.max_length);

                  /* mysql_hex_string() already terminated string by '\0' */

                  DBUG_ASSERT(extended_row.str[extended_row.length] == '\0');

                }

                else

                {

mysql-test/r/mysqldump.result

+11 −0
Original line number Diff line number Diff line
@@ -3310,5 +3310,16 @@ drop user user1; 
drop user user2;

drop database mysqldump_test_db;

#

# Bug #28522: buffer overrun by '\0' byte using --hex-blob.

#

CREATE TABLE t1 (c1 INT, c2 LONGBLOB);

INSERT INTO t1 SET c1=11, c2=REPEAT('q',509);

CREATE TABLE `t1` (

  `c1` int(11) default NULL,

  `c2` longblob

);

INSERT INTO `t1` VALUES (11,0x7171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171717171);

DROP TABLE t1;

#

# End of 5.0 tests

#

mysql-test/t/mysqldump.test

+7 −0
Original line number Diff line number Diff line
@@ -1528,7 +1528,14 @@ drop user user2; 


drop database mysqldump_test_db;



--echo #

--echo # Bug #28522: buffer overrun by '\0' byte using --hex-blob.

--echo #



CREATE TABLE t1 (c1 INT, c2 LONGBLOB);

INSERT INTO t1 SET c1=11, c2=REPEAT('q',509);

--exec $MYSQL_DUMP --skip-create --compact --hex-blob test t1

DROP TABLE t1;



--echo #

--echo # End of 5.0 tests